Secure Transaction Systems and Methods

ABSTRACT

A user request to implement a secure transaction is received and communicated to a web server. Transaction details signed with a secret key are received from the web server and displayed to the user. The user is requested to confirm the secure transaction by providing biometric data. If the user's biometric data is validated, an authentication token is received from a biometric device and the authentication token is communicated to the web server. The web server processes the secure transaction if the authentication token is confirmed as a valid authentication token.

RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No. 61/249,218, filed Oct. 6, 2009, the disclosure of which is incorporated by reference herein. This application also claims the benefit of U.S. Provisional Application No. 61/292,820, filed Jan. 6, 2010.

BACKGROUND

Typical user authentication systems and procedures use passwords to authenticate the identity of the user. In many instances, Web sites are authenticated using SSL (Secure Sockets Layer) or other protocols. SSL is a protocol for securely transmitting information via the Internet. When using SSL, a Web site is authenticated via its certificate. The user seeking access to the Web site is then authenticated by username and password.

Although passwords are commonly used to authenticate users, passwords are subject to various attacks, such as phishing attacks, social engineering attacks, dictionary attacks and the like. Typically, longer passwords with combinations of letters and numbers provide a higher level of security. However, these longer passwords are more difficult for users to remember. Additionally, passwords provide a single factor of authentication by requiring the user to provide something they know. This factor does not provide any physical authentication of the user's identity. Thus, any person can access the user's Web-based accounts and information if they gain knowledge of the user's password and username. Additionally, anyone with knowledge of a user's password can initiate transactions (e.g., purchase transactions and fund transfers) without the user's permission.

Another potential threat that occurs when using passwords is commonly referred to as a “Man in the Browser” attack. These attacks involve malicious software applications (malware) running in the Internet browser while the user is logging on to a web site or performing a financial transaction.

One implementation of this attack is to capture the user's password when the user provides their password to the Internet browser. After this point the malware can conduct any type of malicious action with the user's account.

Another example of a “Man in the Browser” attack is to modify the transaction information on the fly and dupe the user into confirming a transaction which they did not intend to confirm. Malware residing in the Internet browser has full access to all graphical user interface parts of the browser (windows, text, etc.) and may change them whenever necessary. Therefore, it is important not to trust the browser user interface when conducting important financial operations or when logging in to a web account.

Therefore, it is desirable to provide a user authentication method and system that offers more secure authentication of the user, and more secure transactions, than commonly used password-based systems and methods.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts an example system capable of implementing secure transactions as discussed herein.

FIGS. 2A and 2B represent a flow diagram depicting an embodiment of a procedure for implementing a secure transaction.

FIGS. 3-6 depict example user interface displays for implementing secure transactions.

FIGS. 7A and 7B depict another example of a procedure for implementing a secure transaction.

FIG. 8 depicts an example system capable of performing biometric user authentication.

FIG. 9 depicts another example system capable of performing biometric user authentication.

FIG. 10 depicts an example user enrollment process.

FIG. 11 depicts an example user authentication process.

FIG. 12 depicts another example system capable of performing biometric user authentication.

FIG. 13 is a flow diagram depicting an embodiment of a procedure for enrolling a user of a biometric authentication system.

FIG. 14 is a flow diagram depicting an embodiment of a procedure for authenticating a user of a biometric authentication system.

FIG. 15 is a flow diagram depicting another embodiment of a procedure for authenticating a user of a biometric authentication system.

FIG. 16 is a flow diagram depicting an embodiment of a procedure for authenticating a user of a Web browser application that supports biometric authentication.

FIG. 17 depicts another embodiment of a procedure for enrolling a user of a biometric authentication system.

FIG. 18 depicts another embodiment of a procedure for identifying and authenticating a user of a biometric authentication system.

Throughout the description, similar reference numbers may be used to identify similar elements.

DETAILED DESCRIPTION

The systems and methods described herein relate to biometric authentication of users. “Biometrics”, “biometric information” and “biometric data” refer to measurable biological characteristics of a user, such as fingerprint characteristics, facial characteristics, eye characteristics, voice characteristics (also referred to as a “voiceprint”) and the like. As discussed herein, biometric information provides an additional level of security when used in systems and procedures related to authentication of a user and the implementation of secure transactions.

Particular examples discussed herein use fingerprint biometric information to authenticate one or more users. In other embodiments, any type of biometric information may be used instead of fingerprint information. Additionally, a particular embodiment may utilize multiple types of biometric information (e.g., fingerprints and voiceprints) to authenticate a user. Certain described embodiments refer to “swipe” style fingerprint sensors. However, alternate embodiments may include any type of fingerprint sensor, such as a “placement” sensor. In particular embodiments, the biometric sensor is physically attached to (or manufactured into) a client device, such as a computer, cellular phone, and so forth. In other embodiments, the biometric sensor is a portable device that is temporarily coupled to the client device (e.g., a pluggable USB device) for enrollment, authentication and/or secure transaction procedures.

As used herein, a “web application”, a “web-based application”, and a “web-enabled application” refer to a software application or software routine that is capable of communicating with one or more web servers or similar devices via the Internet or other data communication network. Additionally, a “plug-in”, “browser plug-in” or “browser extension” refers to an application or extension that provides a variety of different features and functions. Particular examples of “plug-ins” and “browser plug-ins” discussed herein provide features and functions related to user authentication while, for example, accessing web sites, implementing secure transactions, and the like. In particular embodiments, the browser plug-in is installed as part of the manufacturing process of devices equipped with associated biometric devices. In other embodiments, the browser plug-in is downloaded (e.g., via the Internet) at any time after the device is manufactured. In specific implementations, the browser plug-in is operable with any biometric device that supports the Windows Biometric Framework or other supported architectures or systems.

As discussed above, typical passwords do not provide any physical authentication of the user's identity. Thus, any person can access a user's Web-based accounts and related information if they gain knowledge of the user's password and username. Additionally, anyone with the user's password and username can initiate a transaction (such as a financial transaction) without the user's permission. Using biometric information in the user authentication and/or transaction process provides an increased level of security by authenticating physical characteristics of the user. Thus, an imposter with the correct password but lacking the required physical characteristics will not be authenticated by the system and will not be permitted to initiate a transaction needing user permission.

The systems and methods described herein perform biometric user authentication in several steps. A specific discussion of these user authentication steps is provided below.

FIG. 1 depicts an example system 100 capable of implementing secure transactions as discussed herein. A web browser application 102 executing on a user's computing device communicates with various web servers via the Internet. Web browser application 102 includes a browser extension 104 (or browser plug-in) that communicates with a biometric service 106. In a particular embodiment, biometric service 106 is a secure application executing in a background mode on the user's computing device. Biometric service 106 provides a communication interface to a biometric sensor 108, such as a fingerprint sensor. Embodiments of biometric sensor 108 may include a unique encryption key 110 and may store various information, such as user names, encrypted secret keys, and the like, in a secure storage device 112.

Browser extension 104 is capable of communicating transaction details, random challenges, signature information, and other data to biometric service 106. Biometric service 106 verifies the digital signature of an agent application 114 prior to communicating with the agent application. Biometric service 106 may communicate transaction details and related information to agent application 114. During a secure transaction, biometric service 106 also verifies the text presented to the user in a transaction window 116 until the user confirms the transaction by interacting with biometric sensor 108 (e.g., by presenting the user's fingerprint to a fingerprint sensor). Agent application 114 is responsible for launching transaction window 116 and displaying transaction information in the transaction window. Biometric service 106 communicates with one or more web servers as part of the user authentication procedure and during implementation of the secure transaction. Additional details regarding the enrollment and biometric authentication of a user are discussed below.

FIGS. 2A and 2B represent a flow diagram depicting an embodiment of a procedure 200 for implementing a secure transaction. A user submits a transaction to a web server via a web browser application (block 202). This transaction may be a purchase transaction, a funds transfer transaction, or any other transaction for which the user desires a particular level of security. The web server returns the transaction signed with a key that is shared between the client device (the computing system executing the web browser application) and the web server (block 204); because the key is shared rather than public, this signature takes the form of a keyed message authentication code. The web server may also communicate additional data to the client device executing the web browser application (block 206). This additional data may include transaction details, time and other information. For example, additional data may include a cryptographic nonce, which lets the web server reject a replayed confirmation.

The web browser application receives the transaction data and any additional data, and communicates the received data to a biometric service (block 208), such as biometric service 106 shown in FIG. 1. The biometric service then generates a window and displays the transaction data in the window (block 210). This window allows the user to view and confirm the transaction details. The biometric service then monitors the transaction data presented in the window to ensure that the presented data is not modified (block 212), e.g., by a malicious application or a malicious user. If the biometric service detects that any of the data in the window has been modified, the biometric service instructs the web server to cancel the transaction (block 218). The biometric service may verify the integrity of the data in the window at regular (e.g., periodic) time intervals or at random time intervals.

If the data in the window is not modified, the user is then given the opportunity to review the transaction data presented in the window and either 1) confirm the transaction by providing valid biometric data, or 2) deny the transaction by closing the window or canceling the transaction (block 216). If the user does not provide valid biometric data (or the user closes the window or cancels the transaction), the biometric service instructs the web server to cancel the transaction (block 218). If the user provides valid biometric data, the biometric service generates a confirmation token and communicates the confirmation token to the web server (block 222). The web server then validates the confirmation token (block 224). If the web server determines the confirmation token to be invalid, the web server cancels the transaction (block 218). If the web server determines the confirmation token to be valid, the web server processes the transaction (block 228) and notifies the biometric service when the transaction is complete (block 230).
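The following is an added illustrative example of the procedure of FIGS. 2A and 2B; it is not code from this application. It assumes a key shared between the client device and the web server at enrollment, uses HMAC-SHA256 as the keyed signature and as the confirmation token, and stands in for the biometric match with a boolean. The class and function names, the JSON transaction layout and the sample transaction are all constructed for the example.

```python
"""Added example of the secure transaction flow (blocks 204-230): server-signed
transaction details plus nonce, client-side integrity check of the displayed
text, and a confirmation token the server validates once. Names are assumed."""
import hashlib
import hmac
import json
import secrets

# Assumed: a key shared between this client device and the web server,
# established at enrollment.
SHARED_KEY = b"shared-key-established-at-enrollment"


class WebServer:
    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.pending = {}        # nonce -> canonical signed payload
        self.used_nonces = set()

    def issue_transaction(self, details: dict) -> dict:
        # Blocks 204/206: canonicalize the details, attach a fresh nonce and MAC
        # the result under the shared key so the client can detect modification.
        nonce = secrets.token_hex(16)
        payload = json.dumps({"tx": details, "nonce": nonce}, sort_keys=True).encode()
        sig = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        self.pending[nonce] = payload
        return {"payload": payload.decode(), "sig": sig}

    def validate_confirmation(self, nonce: str, token: str) -> bool:
        # Block 224: the token must be the MAC of the pending payload under a
        # distinct "confirm:" tag, and each nonce is accepted only once.
        payload = self.pending.get(nonce)
        if payload is None or nonce in self.used_nonces:
            return False
        expected = hmac.new(self.key, b"confirm:" + payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token):
            return False
        self.used_nonces.add(nonce)
        del self.pending[nonce]
        return True


class BiometricService:
    def __init__(self, shared_key: bytes):
        self.key = shared_key

    def verify_server_signature(self, msg: dict) -> bool:
        sig = hmac.new(self.key, msg["payload"].encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(sig, msg["sig"])

    @staticmethod
    def render(msg: dict) -> str:
        # Block 210: the text the transaction window shows the user.
        tx = json.loads(msg["payload"])["tx"]
        return f"Pay {tx['amount']} {tx['currency']} to {tx['recipient']}"

    def window_unmodified(self, msg: dict, displayed_text: str) -> bool:
        # Block 212: re-derive the expected text from the signed payload and
        # compare it with what the window currently contains.
        return hmac.compare_digest(self.render(msg).encode(), displayed_text.encode())

    def confirm(self, msg: dict, displayed_text: str, biometric_match: bool):
        # Blocks 216/222: issue a confirmation token only if the server signature
        # verifies, the window text is intact and the (simulated) biometric matched.
        if not self.verify_server_signature(msg):
            return None
        if not self.window_unmodified(msg, displayed_text) or not biometric_match:
            return None
        token = hmac.new(self.key, b"confirm:" + msg["payload"].encode(),
                         hashlib.sha256).hexdigest()
        return json.loads(msg["payload"])["nonce"], token


def run_transaction(details: dict, displayed_text=None, biometric_match=True) -> bool:
    """Drive one transaction end to end; True if the server processed it."""
    server = WebServer(SHARED_KEY)
    service = BiometricService(SHARED_KEY)
    msg = server.issue_transaction(details)
    shown = displayed_text if displayed_text is not None else service.render(msg)
    result = service.confirm(msg, shown, biometric_match)
    if result is None:
        return False                                    # block 218: cancel
    nonce, token = result
    return server.validate_confirmation(nonce, token)   # blocks 224/228


if __name__ == "__main__":
    tx = {"amount": "250.00", "currency": "USD", "recipient": "Alice"}  # constructed
    print(run_transaction(tx))
    print(run_transaction(tx, displayed_text="Pay 250.00 USD to Mallory"))
    print(run_transaction(tx, biometric_match=False))
```

The "confirm:" prefix keeps the client's token from being a copy of the server's own signature, and the single-use nonce means a captured token cannot be replayed to process the same transaction twice.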

FIGS. 3-6 depict example user interface displays for implementing secure transactions. FIG. 3 shows an example user interface display 300 that gives the user an opportunity to log in to the user's account. In this example, the user logs into the account by swiping their finger across a fingerprint sensor or activating another biometric device.

FIG. 4 shows an example user interface display 400 that allows the user to send funds to another user or to make a payment to a merchant or other person or entity. As shown in FIG. 4, the user can enter the amount of the payment or funds transfer as well as the name of the recipient of the funds. In alternate embodiments, the user may also identify additional information such as a scheduled time for the transaction or a comment/note related to the transaction.

FIG. 5 shows an example user interface display 500 that allows a user to confirm a transaction by swiping their finger across a fingerprint sensor (or using another type of biometric device). The interface shown in FIG. 5 displays the transaction details, such as the amount of the funds transfer and the recipient of the funds. If the user chooses not to confirm the transaction, they can close the window shown in FIG. 5 or activate the “Cancel Transaction” button included in the display. To confirm the transaction, the user simply swipes their finger across the fingerprint sensor in their computing device. If the user swipes their finger and the user's fingerprint information is verified, the web server processes the transaction. Upon completion of the transaction, the web server notifies the user that the transaction is complete by displaying a user interface window (such as example user interface display 600 shown in FIG. 6) indicating completion of the transaction. User interface display 600 shown in FIG. 6 also displays the details of the completed transaction to the user.

FIGS. 7A and 7B depict another example of a procedure for implementing a secure transaction. The example shown in FIGS. 7A and 7B includes various tasks, actions and functions performed by different systems, procedures or components, such as the biometric sensor, the biometric service, the user, the biometric browser extension, the Internet browser application, and the web server. A user visits a web site where they previously enrolled their biometric information associated with a biometric device (e.g., a fingerprint sensor). If the user is authenticated, they can initiate a privileged operation, such as a secure transaction. This privileged operation may include transferring funds, purchasing a product or service, and the like.

The web browser application creates an HTTP request associated with the secure transaction and communicates the request to an appropriate web server. The web server requests information from the user to complete the requested secure transaction. The web server then returns various information, such as transaction details, a shared key, and a random challenge. This information returned by the web server is identified by a specific HTML tag inserted into the HTML code by the web server. Upon receiving this information from the web server, the web browser displays an appropriate response. The biometric browser extension detects the HTML tag inserted by the web server and requests the generation of a display window to display the transaction details and ask the user to confirm the transaction details by providing biometric authorization. The biometric browser extension interacts with the biometric service to obtain an authentication token if the user provides valid biometric information (e.g., a valid fingerprint is scanned by a fingerprint sensor).

The biometric service validates the digital signature of the biometric browser extension to be certain the biometric browser extension has not been modified or tampered with. If the user provides valid biometric authorization and the biometric browser extension has not been tampered with, the biometric service creates an HTTPS connection with the appropriate web server and communicates the authentication token to the web server. The web server then validates the authentication token and completes the transaction.

In a particular embodiment, an agent application generates the display window that provides transaction details to the user and requests that the user confirm the transaction details by providing biometric authorization. This agent application is monitored by the biometric service to detect any modification of (or tampering with) the information shown in the displayed window.

When a user begins using a device that has an associated biometric sensor, the user enrolls with the biometric user authentication system by binding their user credentials with the user's biometric template (a “fingerprint template” in specific implementations). The biometric template contains information related to the user's biometric characteristics (also referred to as “biometric information”) obtained from a biometric sensor that scans or reads the user's biometric characteristics, such as a fingerprint. A user identification process identifies a particular user among multiple enrolled users (e.g., multiple users enrolled with a particular device, system or biometric sensor). A user verification process verifies that the user who provided their biometric information is who they claim to be by comparing the user's biometric information with the biometric template obtained during enrollment of the user. The enrollment, identification and verification of users are discussed in greater detail herein.

During an example enrollment process that uses a fingerprint sensor as the biometric sensor, a user swipes their finger across the fingerprint sensor several times to create a fingerprint template. The fingerprint template contains qualitative fingerprint information that allows the user's fingerprint to be distinguished from fingerprints associated with other users. In alternate embodiments, a placement fingerprint sensor (also referred to as a static fingerprint sensor) is used such that a user places their finger on the fingerprint sensor rather than “swiping” their finger across the fingerprint sensor. After creating a fingerprint template, the user provides user credentials, such as a password, cryptographic key, random seed, and the like. The systems and procedures described herein bind the user's fingerprint template with the user credentials. The fingerprint template and user credentials are then stored in a secure storage device. In one embodiment the secure storage device is contained within the fingerprint sensor hardware. In other embodiments, the secure storage device is contained in a device that utilizes the fingerprint sensor.

During an example user identification and verification process, a user swipes their finger across a fingerprint sensor. The process then determines whether the user's fingerprint information matches a fingerprint template associated with the fingerprint sensor. If the user's fingerprint information matches a fingerprint template, the user's credentials are released to the user and/or a service or process requesting the user verification. Thus, the user credentials are not released from the secure storage device until a matching fingerprint template is confirmed. In particular embodiments, the user credentials released as a result of a match with a fingerprint template are not necessarily the same credentials provided by the user during the enrollment process. For example, the user credentials released after finding a matching fingerprint template may include an OTP (One Time Password) token, an RSA signature and the like, rather than the stored secret itself. The enrollment process can be initiated by a Web server, a Web browser plug-in, and the like.

The described systems and methods communicate user credentials to a specific address, location, or other recipient identifier. Thus, even if an imposter can gain access to the user credentials, the system will send those user credentials only to a predetermined address or location, thereby preventing the imposter from having the user credentials sent to an alternate address or location. The address or location information is stored within the user credentials and is established as part of the enrollment process.

Particular embodiments of the systems and methods discussed herein use strong cryptographic algorithms implemented in hardware and/or software. Example cryptographic algorithms include AES (Advanced Encryption Standard) 256, SHA (Secure Hash Algorithm) 256 and RSA 2048. Example biometric sensors are compatible with various standards, such as OATH-OCRA (OATH Challenge/Response Algorithm), TOTP (Time-based One-time Password Algorithm), HOTP (HMAC-Based One-time Password Algorithm), PKCS (Public Key Cryptography Standards) #11, RSA SecurID-based OTP, and the like.

In a particular implementation, each biometric sensor has a unique identifier (ID) that is used to strengthen the level of security provided by the system or process. This unique ID provides an additional authentication factor representing “something you have”. Since each biometric sensor has a unique ID, each user's biometric template and user credentials can be uniquely associated with a specific biometric sensor.

Specific implementations include a biometric sensor as part of a multi-component or multi-element authentication system. Particular embodiments may include one or more authentication factors, such as: 1) something you are; 2) something you have; and 3) something you know.

The systems and methods described herein are useful in performing Web site authentication. In example embodiments, a Web site that supports the authentication procedures discussed herein includes an HTML (HyperText Markup Language) tag that identifies a Web browser plug-in (also referred to as a “biometric plug-in”) that is installed on the user's computing device. This HTML tag indicates to the browser that the Web site supports biometric authentication. Other example embodiments include an extension of an existing Web browser plug-in. Further implementations may utilize a browser helper object, ActiveX control, browser extension, or other approaches. In particular implementations, the Web browser plug-in obtains the biometric sensor's unique ID and communicates that unique ID (or a hash of the unique ID) to a web server via HTTP or HTTPS.

When a user accesses the Web site, the Web browser plug-in is activated and detects that a biometric sensor is installed in the user's computing device. The Web site suggests that the user enroll with their biometric sensor to provide more secure user authentication. If the user accepts, the Web browser plug-in activates the enrollment process to enroll the user. This enrollment process includes binding the Web site to the specific user. The Web site generates a secret key and passes the secret key to the user's computing device via a secure connection between the Web site and the user's computing device. In a particular implementation, the “enrollment” process includes enrolling the user's fingerprint and generating a secure key.

If the user also wants to bind their computing device with Web site authentication, the Web browser plug-in sends the biometric sensor's ID to the Web site server or other device/system. Multiple embodiments store information in various formats and on various devices or components within a system. Example embodiments may utilize a hash of the shared secret, a hash of the biometric sensor ID, and the like. At this point, the user can select different factors for authentication. In a particular embodiment, the Web site may require stronger authentication when an important operation is being performed on the Web site, such as accessing a bank account or other sensitive data.

After a user has enrolled with a particular Web site that supports biometric authentication, subsequent visits to the same Web site cause the Web browser plug-in to detect that the user has already enrolled with the Web site. In this situation, the Web site prompts the user to perform user authentication (e.g., using the biometric device). In the case of a fingerprint sensor, the user swipes their finger across the fingerprint sensor or places their finger on the fingerprint sensor. If the fingerprint information matches a fingerprint template associated with the fingerprint sensor, the Web browser plug-in releases user secrets from the user credentials. In particular embodiments, the fingerprint sensor releases an OTP token or an RSA signature instead of plaintext credentials. After the credentials are released, they are communicated to the Web site to complete the user authentication process. In specific implementations, the server may generate a random challenge and communicate that challenge to the client device. The Web browser plug-in (or the biometric sensor) uses this challenge to construct a response based on the secure key and the random challenge. The response may be, for example, a keyed hash computed over the random challenge under the secure key, or any other calculation that binds the two; a hash of the challenge alone would demonstrate no knowledge of the key. The server validates the user credentials and authenticates the user if the validation is successful.

In particular implementations, the user performs the enrollment process for each Web site the user accesses that supports biometric authentication. Additionally, different user credentials are associated with each Web site with which the user enrolls. Thus, if the user enrolls with five different Web sites that support biometric authentication, the biometric sensor in the user's computing device stores five separate sets of user credentials, each of which is associated with one of the five different Web sites. Additionally, if different users access the same Web site, separate user credentials and separate biometric templates are maintained for each user.
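The following added example, not code from this application, ties together the credential release described above (credentials leave secure storage only after a biometric match, and only as a challenge response rather than the stored secret), the fixed destination bound into each credential record, the per-sensor unique ID sent as a hash, and the one-record-per-Web-site enrollment of the preceding paragraph. It assumes an HMAC-SHA256 challenge response, a dictionary standing in for the sensor's secure storage, a boolean standing in for the sensor's match result, and constructed site URLs and a constructed sensor serial number; all names are assumptions.

```python
"""Added example of per-site enrollment, match-gated credential release and
challenge/response authentication with the destination fixed at enrollment."""
import hashlib
import hmac
import secrets

SENSOR_ID = "SN-000123-constructed"   # constructed stand-in for the sensor's unique ID


def sensor_id_hash() -> str:
    # The plug-in may send a hash of the sensor's unique ID rather than the ID itself.
    return hashlib.sha256(SENSOR_ID.encode()).hexdigest()


class CredentialStore:
    """Stand-in for the sensor's secure storage: one record per (user, site)."""

    def __init__(self):
        self._records = {}

    def enroll(self, user_id: str, site: str, destination: str) -> bytes:
        # The Web site generates the secret and sends it over a secure connection;
        # generating it here simply simulates that step.
        secret = secrets.token_bytes(32)
        self._records[(user_id, site)] = {
            "secret": secret,
            "destination": destination,     # fixed at enrollment, never overridden
            "sensor_id_hash": sensor_id_hash(),
        }
        return secret

    def destination_of(self, user_id: str, site: str):
        rec = self._records.get((user_id, site))
        return None if rec is None else rec["destination"]

    def respond(self, user_id: str, site: str, challenge: bytes, biometric_match: bool):
        """Release a response only after a biometric match. The plaintext secret
        never leaves the store; only a keyed hash of the challenge does."""
        rec = self._records.get((user_id, site))
        if rec is None or not biometric_match:
            return None
        return hmac.new(rec["secret"], challenge, hashlib.sha256).hexdigest()


class SiteServer:
    """Web server side: per-user secret, expected sensor hash, open challenges."""

    def __init__(self):
        self._users = {}
        self._challenges = {}

    def register(self, user_id: str, secret: bytes, sensor_hash: str):
        self._users[user_id] = (secret, sensor_hash)

    def challenge(self, user_id: str) -> bytes:
        c = secrets.token_bytes(16)
        self._challenges[user_id] = c
        return c

    def verify(self, user_id: str, response: str, sensor_hash: str) -> bool:
        entry = self._users.get(user_id)
        c = self._challenges.pop(user_id, None)     # each challenge is single-use
        if entry is None or c is None:
            return False
        secret, expected_hash = entry
        if not hmac.compare_digest(expected_hash, sensor_hash):
            return False                            # "something you have" check
        expected = hmac.new(secret, c, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def login(store, servers, user_id, site, biometric_match=True):
    """Plug-in flow: look up the destination recorded at enrollment, fetch a
    challenge from it, obtain the response from the store and deliver it only
    there. Returns (destination used, verified)."""
    destination = store.destination_of(user_id, site)
    if destination is None:
        return None, False
    server = servers[destination]
    response = store.respond(user_id, site, server.challenge(user_id), biometric_match)
    if response is None:
        return destination, False
    return destination, server.verify(user_id, response, sensor_id_hash())


if __name__ == "__main__":
    store = CredentialStore()
    servers = {"https://bank.example/auth": SiteServer()}       # constructed
    secret = store.enroll("alice", "bank", "https://bank.example/auth")
    servers["https://bank.example/auth"].register("alice", secret, sensor_id_hash())
    print(login(store, servers, "alice", "bank"))
```

Because the caller never supplies a destination, a page that invokes the plug-in cannot redirect the released response elsewhere, and a response captured from one site is useless at another since each site holds a different secret.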

Particular embodiments of the Web browser plug-in support WBF (Windows Biometric Framework), thereby supporting any biometric device that supports the WBF interface. The Web browser plug-in also supports the Application Programming Interface specified by the BioAPI Consortium.

In alternate embodiments, the systems and methods determine that a Web site supports biometric authentication by providing a service or process that monitors Web site data and detects certain types of transactions on secure web sites. When a secure transaction is initiated, the systems and methods check the computing device accessing the Web site to determine if the computing device includes a fingerprint sensor or other biometric device. If so, an enrollment and/or authentication process is activated to offer an enhanced level of security to the user, as described herein.

FIG. 8 shows an example system 800 capable of performing biometric userenrollment and authentication via a biometric sensor 804 (such as afingerprint sensor or other biometric device). In this example, abiometric service 810 executes on a host PC 802 and communicates withone or more applications 812 that may request user authentication.Example applications include Internet browser applications, financialapplications, and the like. In a particular embodiment, the biometricservice uses a Windows API (e.g., a WinUSB Driver) 808 to encrypt afingerprint template database with system account credentials. Inalternate embodiments, any type of API or similar interface may be usedin place of Windows API 808. Biometric sensor 804 has a unique 128 bitencryption key and a unique identifier (e.g., serial number). Theenrolled credentials of a user are encrypted with the encryption key andstored in a storage device, such as secure storage 806. In a particularembodiment, biometric service 810 is implemented as a serviceapplication running in a local system account.

In a particular embodiment, application 812 is an Internet browserapplication executing on host PC 802 and communicating with various webservers via the Internet. Application 812 includes a browser extensionor browser plug-in that communicates with biometric service 810. In oneimplementation, biometric service 810 is a secure application executingin a background mode on host PC 802. Thus, biometric service 810provides a communication interface to biometric sensor 804. The browserextension (or browser plug-in) associated with application 812 iscapable of communicating transaction details, random challenges,signature information, user information, and other data to biometricservice 810. Biometric service 810 also communicates with one or moreweb servers as part of the user enrollment and/or user authenticationprocedure.

FIG. 9 shows another example system 900 capable of performing biometricuser enrollment and authentication via a biometric sensor 904. System900 includes a host PC 902, a WinUSB driver 910, a biometric service 912and an application 914 similar to the components discussed above withrespect to FIG. 8. In the example of FIG. 9, the biometric sensordecrypts the user credentials only after a successful biometric reading,such as a fingerprint swipe or fingerprint scan (using a placement stylefingerprint sensor). For example, in a successful fingerprint swipe, theswiped fingerprint information matches a fingerprint template associatedwith the fingerprint sensor. In a particular embodiment, the validityenterprise sensor has a unique 256 bit encryption key 908 and a uniqueidentifier (e.g., serial number). The biometric sensor 904 creates asecure communication with Host PC 202 using SSL v3 protocol or othersecure communication technique. In a particular implementation,biometric sensor 904 includes a “match on chip” functionality thatreleases a user's credentials only upon a successful fingerprint swipeor other biometric reading. User credentials and other information maybe stored within biometric sensor 904, in a secure storage 906, or anyother storage mechanism. In certain embodiments, the validity biometricservice is implemented as a service application running in a localsystem account.

FIG. 10 shows an example user enrollment process in which the userenrolls using a fingerprint sensor to bind the user's fingerprinttemplate with the user's credentials. An application 1004 that desiresto enroll a user with a biometric device communicates with a biometricservice 1002, which is coupled to a secure storage 1006. Biometricservice 1002 is also coupled to a biometric sensor (not shown), whichcaptures biometric data and communicates that data to the biometricservice. Application 1004 initiates the user enrollment process bydisplaying a request 1008 for the user to provide their fingerprint (inthe case of a fingerprint sensor) and provide user credentials.Application 1004 communicates a user enrollment request to biometricservice 1002 as well as information regarding a user identifier (userid), an application identifier, and user credentials. The biometricservice then captures the fingerprint data and stores the fingerprintdata in secure storage 1006. Additional details regarding the userenrollment process are provided herein.

FIG. 11 shows an example user authentication process using a fingerprint sensor. An application 1104 that desires to authenticate a user with a biometric device communicates with a biometric service 1102, which is coupled to a secure storage 1106. Biometric service 1102 is also coupled to a biometric sensor (not shown), which captures biometric data and communicates that data to the biometric service. Application 1104 initiates the user authentication process by displaying a request 1108 for the user to provide their fingerprint (in the case of a fingerprint sensor). Application 1104 communicates an authentication and/or identity request to biometric service 1102. The biometric service then captures the fingerprint data and identifies user credentials for the user associated with the fingerprint data. The user credentials are then communicated to application 1104. Additional details regarding the user authentication process are provided herein.

FIG. 12 shows another example system 1200 capable of performing biometric user enrollment and authentication using any number of different types or brands of fingerprint sensors. Depending on the fingerprint sensor type and/or manufacturer, the system of FIG. 12 uses: 1) a WBF (Windows Biometric Framework) interface; 2) a biometric service; or 3) any other system or service to communicate data between an Internet browser application and the fingerprint sensor.

System 1200 includes a browser application 1202 capable of communicating with a web server 1204 and a biometric service 1208. Browser application 1202 includes a biometric extension 1218 that facilitates communication and handling of biometric-related data. In alternate embodiments, biometric extension 1218 is replaced with a browser application plug-in. Web server 1204 is coupled to a secure database 1206 that stores various data, such as data used during the biometric user enrollment and authentication procedures, as discussed herein.

Biometric service 1208 communicates with a Windows biometric framework 1210 and a fingerprint sensor 1212. Windows biometric framework 1210 also communicates with a fingerprint sensor 1216 that is not able to communicate directly with biometric service 1208. Thus, Windows biometric framework 1210 provides an interface between fingerprint sensor 1216 and biometric service 1208. Fingerprint sensor 1212 is capable of communicating directly with biometric service 1208 without needing Windows biometric framework 1210. Fingerprint sensor 1212 is coupled to a secure storage 1214 that stores user credentials, an encryption key, and related data.

During operation of system 1200, web server 1204 sends a web page (e.g., an HTML page) and a random challenge to browser application 1202. Biometric extension 1218 communicates the random challenge to biometric service 1208, which requests a response from fingerprint sensor 1212 (or requests a response from fingerprint sensor 1216 via Windows biometric framework 1210). Fingerprint sensor 1212 sends a response to biometric service 1208 after a valid fingerprint swipe (or scan). Thus, if a user fails to swipe a finger or fingerprint sensor 1212 reads invalid fingerprint information, no response is sent to biometric service 1208. In alternate embodiments, fingerprint sensor 1212 sends an “invalid fingerprint” message to biometric service 1208 if the fingerprint sensor reads invalid fingerprint information. If biometric service 1208 receives a positive response from fingerprint sensor 1212 (e.g., a valid fingerprint swipe), the biometric service communicates a response to the random challenge to web server 1204 using a secure communication link. Additional details regarding biometric user enrollment and authentication are provided below.

In a particular embodiment, a secret key (also referred to as a “secure key”) is generated by a web server and stored by the web server. The secret key is also provided to the biometric sensor and/or the system containing the biometric sensor, and stored along with the biometric template associated with the user. The secret key can be a cryptographic key (DES, AES, etc.), a random seed, a random number, an RSA private key, and so forth. In alternate embodiments, the secret key is generated by a client device and communicated to the web server. The secure key may be transferred using HTTP or HTTPS and can be transferred directly to the browser application or directly to the browser application plug-in (or browser application extension). The biometric template is typically generated during enrollment of the user. Additionally, if the biometric device has a unique ID, that unique ID is sent to the web server for storage and use in future authentication procedures.

In particular embodiments, binary files used in the systems and methods discussed herein are signed and authenticated prior to running the binary files. This approach blocks malicious attempts to replace or edit the binary files. Additionally, applications communicating with the biometric service are validated at runtime.

FIG. 13 is a flow diagram depicting an embodiment of a procedure 1300 for enrolling a user of a biometric authentication system. Initially, procedure 1300 detects a finger contacting a fingerprint sensor or other biometric sensor (block 1302). Fingerprint information is read as the user swipes their finger across the fingerprint sensor (block 1304). In alternate embodiments using a placement fingerprint sensor, the fingerprint information is scanned as the user positions their finger on the sensor. The procedure continues by creating a fingerprint template associated with the fingerprint information (block 1306).

Procedure 1300 receives user credentials associated with the user (block 1308). Example user credentials include a password, a cryptographic key, a random seed or any other similar confidential information. Next, the procedure binds the user credentials with the fingerprint template (block 1310), then stores the user credentials and the fingerprint template (block 1312) in a secure storage device.

In a specific embodiment, the procedure also binds a particular web site (e.g., a web site requesting biometric enrollment and/or biometric authentication of a user) with the fingerprint template. Thus, a particular user may perform the biometric enrollment procedure for each web site to which the user is to provide future biometric authorization or biometric authentication.

FIG. 14 is a flow diagram depicting an embodiment of a procedure 1400 for authenticating a user of a biometric authentication system. Procedure 1400 is performed after a particular user has enrolled with the biometric authentication system using, for example, the procedure discussed with respect to FIG. 13. The authentication procedure reads fingerprint information from a user's finger in contact with a fingerprint sensor (block 1402). Procedure 1400 then identifies a fingerprint template associated with the user (block 1404) who is accessing the fingerprint sensor. The fingerprint information read from the user's finger is compared with the fingerprint template (block 1406) to determine whether there is a match (block 1408). If the fingerprint information read by the fingerprint sensor does not match the information stored in the fingerprint template, the biometric authentication system does not retrieve the user credentials (block 1414). Thus, the user credentials remain securely stored if a match is not detected.

If the fingerprint information read by the fingerprint sensor matches the information stored in the fingerprint template, the biometric authentication system retrieves the credentials associated with the user (block 1410). The user credentials are then communicated to a requesting process or system (block 1412).

FIG. 15 is a flow diagram depicting another embodiment of a procedure 1500 for authenticating a user of a biometric authentication system. Initially, procedure 1500 reads fingerprint information from a user's finger in contact with a fingerprint sensor (block 1502). The procedure then authenticates the fingerprint information (block 1504). If the fingerprint information is not authenticated, a message is generated indicating an authentication failure (block 1506). If the fingerprint information is authenticated, the procedure retrieves credentials associated with the user based on the fingerprint information (block 1508). The procedure then decrypts the user credentials (block 1510) and identifies a unique identifier associated with the fingerprint sensor (block 1512). The decrypted credentials and the unique identifier are communicated to a requesting process or system (block 1514).
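The enrollment, match-gated credential release and challenge-response flows of FIGS. 12 through 15, as an added example in Python that is not the patent's own code: a simulated match-on-chip sensor binds a web-server-issued secret key and a web site to a minutiae template, releases the decrypted key and its unique identifier only on a match, and answers the server's random challenge with an HMAC. The minutiae-overlap matching, the HMAC keystream standing in for AES, and every class, function and constant name are assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass

MATCH_THRESHOLD = 0.8  # assumed: fraction of shared minutiae needed for a match

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the sensor's AES: HMAC-SHA256 keystream in counter mode; symmetric."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class Record:
    template: frozenset     # minutiae (x, y) points captured at enrollment (block 1306)
    nonce: bytes
    enc_credentials: bytes  # credentials bound to the template, encrypted (block 1310)
    site: str               # web site bound to this template

class FingerprintSensor:
    """Match-on-chip sensor: credentials leave secure storage only after a match."""
    def __init__(self):
        self.key = os.urandom(32)             # unique 256-bit encryption key
        self.unique_id = os.urandom(8).hex()  # unique identifier (serial number)
        self._store = {}                      # secure storage: user_id -> Record
    def enroll(self, user_id, minutiae, credentials: bytes, site):
        nonce = os.urandom(16)
        self._store[user_id] = Record(frozenset(minutiae), nonce,
                                      keystream_xor(self.key, nonce, credentials), site)
    @staticmethod
    def match(template, minutiae):
        read = frozenset(minutiae)
        return len(template & read) / len(template | read) >= MATCH_THRESHOLD
    def authenticate(self, user_id, minutiae, site):
        """FIG. 15: (decrypted credentials, unique id) on a match, else None (block 1414)."""
        rec = self._store.get(user_id)
        if rec is None or rec.site != site or not self.match(rec.template, minutiae):
            return None
        return keystream_xor(self.key, rec.nonce, rec.enc_credentials), self.unique_id

class WebServer:
    def __init__(self):
        self.db = {}  # secure database: user_id -> (secret key, device unique id)
    def register(self, user_id, device_id):
        secret = os.urandom(32)  # secret key generated and stored by the web server
        self.db[user_id] = (secret, device_id)
        return secret
    def verify(self, user_id, challenge, device_id, response):
        secret, expected_id = self.db[user_id]
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return device_id == expected_id and hmac.compare_digest(expected, response)

def run_flow(enrolled_minutiae, swipe_minutiae, site="https://bank.example"):
    """Enroll, then answer one random challenge; True only if the server accepts."""
    server, sensor = WebServer(), FingerprintSensor()
    secret = server.register("alice", sensor.unique_id)
    sensor.enroll("alice", enrolled_minutiae, secret, site)  # secret key stored with template
    challenge = os.urandom(16)                               # sent along with the web page
    released = sensor.authenticate("alice", swipe_minutiae, site)
    if released is None:
        return False  # no response is sent on an invalid swipe
    credentials, device_id = released
    response = hmac.new(credentials, challenge, hashlib.sha256).digest()
    return server.verify("alice", challenge, device_id, response)
```

A swipe from another finger shares too few minutiae, so the sensor never decrypts the key and no response reaches the server.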

FIG. 16 is a flow diagram depicting an embodiment of a procedure 1600 for authenticating a user of a Web browser application that supports biometric authentication. Initially, a web browser application accesses a web site that supports biometric authentication (block 1602). The procedure then determines whether a biometric device is installed in the system executing the web browser application (block 1604). The biometric device may be physically installed in the system or coupled to the system, such as via a universal serial bus (USB) or other communication link. If a biometric device is not installed (block 1606), the web browser application operates without biometric authentication (block 1614).

If a biometric device is installed in the system executing the web browser application, the web browser application offers enhanced security to a user through the use of the biometric device (block 1608). If the user accepts the offer of enhanced security at block 1610, the user enrolls using the biometric device (block 1612). The user enrolls, for example, using the enrollment procedure discussed herein. If the user does not accept the offer of enhanced security at block 1610, the web browser application operates without biometric authentication (block 1614).

FIG. 17 depicts another embodiment of a procedure for enrolling a user of a biometric authentication system. FIG. 17 shows the various actions and functions performed during the enrollment of a user and the component or system that performs those actions or functions.

FIG. 18 depicts another embodiment of a procedure for identifying and authenticating a user of a biometric authentication system. FIG. 18 shows the various actions and functions performed during the identification and authentication of a user and the component or system that performs those actions or functions.

The invention may also involve a number of functions to be performed by a computer processor, such as a microprocessor. The microprocessor may be a specialized or dedicated microprocessor that is configured to perform particular tasks according to the invention, by executing machine-readable software code that defines the particular tasks embodied by the invention. The microprocessor may also be configured to operate and communicate with other devices such as direct memory access modules, memory storage devices, Internet related hardware, and other devices that relate to the transmission of data in accordance with the invention. The software code may be configured using software formats such as Java, C++, XML (Extensible Mark-up Language) and other languages that may be used to define functions that relate to operations of devices required to carry out the functional operations related to the invention. The code may be written in different forms and styles, many of which are known to those skilled in the art. Different code formats, code configurations, styles and forms of software programs and other means of configuring code to define the operations of a microprocessor in accordance with the invention will not depart from the spirit and scope of the invention.

Within the different types of devices, such as laptop or desktop computers, hand held devices with processors or processing logic, and also possibly computer servers or other devices that utilize the invention, there exist different types of memory devices for storing and retrieving information while performing functions according to the invention. Cache memory devices are often included in such computers for use by the central processing unit as a convenient storage location for information that is frequently stored and retrieved. Similarly, a persistent memory is also frequently used with such computers for maintaining information that is frequently retrieved by the central processing unit, but that is not often altered within the persistent memory, unlike the cache memory. Main memory is also usually included for storing and retrieving larger amounts of information such as data and software applications configured to perform functions according to the invention when executed by the central processing unit. These memory devices may be configured as random access memory (RAM), static random access memory (SRAM), dynamic random access memory (DRAM), flash memory, and other memory storage devices that may be accessed by a central processing unit to store and retrieve information. During data storage and retrieval operations, these memory devices are transformed to have different states, such as different electrical charges, different magnetic polarity, and the like. Thus, systems and methods configured according to the invention as described herein enable the physical transformation of these memory devices. Accordingly, the invention as described herein is directed to novel and useful systems and methods that, in one or more embodiments, are able to transform the memory device into a different state. The invention is not limited to any particular type of memory device, or any commonly used protocol for storing and retrieving information to and from these memory devices, respectively.

Embodiments of the systems and methods described herein facilitate enrollment and authentication of users through a biometric device, such as a fingerprint sensor. Certain embodiments described herein facilitate one or more secure transactions. Additionally, some embodiments are used in conjunction with one or more conventional fingerprint sensing systems and methods. For example, one embodiment is used as an improvement of existing fingerprint detection and/or sensing systems.

Although the components and modules illustrated herein are shown and described in a particular arrangement, the arrangement of components and modules may be altered to enroll and authenticate users in a different manner, or to implement secure transactions in a different manner. In other embodiments, one or more additional components or modules may be added to the described systems, and one or more components or modules may be removed from the described systems. Alternate embodiments may combine two or more of the described components or modules into a single component or module.

Although specific embodiments of the invention have been described and illustrated, the invention is not to be limited to the specific forms or arrangements of parts so described and illustrated. The scope of the invention is to be defined by the claims appended hereto and their equivalents.

1. A method comprising: receiving a user request for a secure transaction; communicating the user request to a web server; receiving transaction details from the web server, wherein the transaction details are signed with a secret key; displaying transaction details to the user; requesting the user to confirm the secure transaction by providing biometric data; receiving an authentication token from a biometric device if the user's biometric data is validated; and communicating the authentication token to the web server, wherein the web server is configured to process the secure transaction if the authentication token is confirmed as a valid authentication token.
2. The method of claim 1, wherein communicating the authentication token to the web server is performed by a biometric service.
3. The method of claim 1, wherein communicating the authentication token to the web server is performed by a web browser application.
4. The method of claim 1, wherein communicating the authentication token to the web server is performed by a biometric browser extension.
5. The method of claim 1, wherein the biometric data includes user fingerprint characteristics.
6. The method of claim 1, further comprising communicating a unique identifier associated with the biometric device to the web server.
7. The method of claim 1, further comprising receiving a random challenge from the web server.
8. The method of claim 1, wherein displaying transaction details to the user is performed by a biometric service.
9. The method of claim 1, wherein displaying transaction details to the user is performed by a web browser plug-in application.
10. The method of claim 1, further comprising monitoring the displayed transaction details to ensure that the displayed transaction details are not modified.
11. The method of claim 1, wherein displaying transaction details to the user includes: validating a digital signature associated with an agent application configured to display the transaction details; and launching the agent application if the digital signature is validated.
12. The method of claim 11, wherein a biometric service validates the digital signature.
13. The method of claim 1, further comprising establishing a secure connection with the web service using an address received from the remote device.
14. The method of claim 1, wherein the authentication token is a one time password.
15. The method of claim 1, wherein the authentication token is a secret key.
16. The method of claim 1, wherein the authentication token is a response to a challenge received from the web server.
17. A method comprising: receiving a request for a secure transaction from a user, wherein the secure transaction has associated secure transaction details; authenticating the user requesting the secure transaction with a biometric device; if the user is authenticated: verifying integrity of the secure transaction details; receiving an authentication token from a biometric device; and sending the authentication token to a remote device, wherein the remote device initiates the secure transaction.
18. The method of claim 17, wherein verifying integrity of the secure transaction details is performed by a biometric service.
19. The method of claim 17, wherein authenticating the user includes requesting the user to interact with the biometric device.
20. The method of claim 17, further comprising displaying secure transaction details to the user.
21. The method of claim 20, wherein displaying secure transaction details to the user includes: validating a digital signature associated with an agent application configured to display the transaction details; and launching the agent application if the digital signature is validated.
22. The method of claim 17, wherein verifying the integrity of the secure transaction details includes identifying any changes to the secure transaction details.
23. The method of claim 17, further comprising terminating the secure transaction if changes to the secure transaction details are detected.
24. The method of claim 17, wherein verifying the integrity of the secure transaction details includes identifying any changes to the secure transaction details at predetermined time intervals.
25. The method of claim 17, wherein verifying the integrity of the secure transaction details includes identifying any changes to the secure transaction details at random time intervals.
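The secure-transaction method of claims 1 through 25, as an added Python example that is not the patent's code: transaction details signed with the shared secret key, an integrity check of what the agent application displays (terminating the transaction on any modification, as in claims 10 and 22 through 23), and an authentication token bound to both the random challenge and the signed details (claims 7 and 16). All names, the canonical-JSON signing and the HMAC token construction are assumptions.

```python
import hmac, hashlib, json, os

def sign_details(secret: bytes, details: dict) -> bytes:
    """Signature over canonical JSON: any edit to amount or payee changes it."""
    blob = json.dumps(details, sort_keys=True).encode()
    return hmac.new(secret, blob, hashlib.sha256).digest()

class WebServer:
    def __init__(self):
        self.secrets = {}    # user_id -> secret key, generated and stored here
        self.pending = {}    # challenge -> (user_id, details the server signed)
        self.processed = []  # transactions actually carried out
    def enroll(self, user_id):
        self.secrets[user_id] = os.urandom(32)
        return self.secrets[user_id]
    def start(self, user_id, details):
        challenge = os.urandom(16)  # random challenge (claim 7)
        self.pending[challenge] = (user_id, details)
        return challenge, sign_details(self.secrets[user_id], details)
    def process(self, challenge, token):
        user_id, details = self.pending.pop(challenge)
        expected = hmac.new(self.secrets[user_id],
                            challenge + sign_details(self.secrets[user_id], details),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, token):
            return False
        self.processed.append(details)
        return True

class BiometricDevice:
    """Holds the user's copy of the secret key; releases a token only on a match."""
    def __init__(self, secret):
        self._secret = secret
    def details_intact(self, details, signature):
        return hmac.compare_digest(sign_details(self._secret, details), signature)
    def token(self, fingerprint_matches, challenge, signature):
        if not fingerprint_matches:
            return None
        # Token is bound to the challenge and to the signed details (claim 16).
        return hmac.new(self._secret, challenge + signature, hashlib.sha256).digest()

def run_transaction(details, fingerprint_matches=True, tamper=None):
    """Runs one transaction end to end and returns the outcome as a string.
    `tamper`, if given, edits the displayed details before the user confirms."""
    server = WebServer()
    device = BiometricDevice(server.enroll("alice"))
    challenge, signature = server.start("alice", details)
    if not device.details_intact(details, signature):
        return "rejected: signature invalid"
    displayed = dict(details)  # what the agent application shows the user
    if tamper:
        tamper(displayed)
    # Integrity monitoring (claims 10, 22-23): re-check before acting on confirmation.
    if not device.details_intact(displayed, signature):
        return "terminated: displayed details were modified"
    token = device.token(fingerprint_matches, challenge, signature)
    if token is None:
        return "rejected: biometric not validated"
    return "processed" if server.process(challenge, token) else "rejected: bad token"
```

Claims 24 and 25 repeat the `details_intact` check at fixed or random intervals while the details stay on screen; the check itself is the same.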